Tailgating
Tailgating, also known as “piggybacking”, is a social engineering technique used by attackers to gain unauthorized access to secure facilities or systems by following closely behind a legitimate user. This attack exploits the human tendency to trust others and help them out in various situations.
How it works
- Target identification: The attacker chooses a target building, office, or data center which requires secure access.
- Observation: The attacker watches for patterns, studying employees’ routines and behaviors, identifying an ideal opportunity to slip in unnoticed.
- Entry: The attacker waits for an employee to enter the secure area with their access card and pretends to have forgotten their own card or phone, or to be preoccupied. The attacker then follows the employee through the door, or even asks the employee to hold it open.
- Securing access: Once inside, the attacker may steal a physical access card or exploit other weaknesses to secure long-term access.
Prevention Measures
- Awareness training: Ensure that employees are aware of tailgating as a threat and the importance of adhering to security policies.
- Physical security: Implement security measures like turnstiles, mantraps, or security guards to monitor and control access.
- Access control: Ensure that access cards are unique to each employee and cannot be easily duplicated.
- Strict policies: Enforce strict policies regarding holding doors open for others or allowing individuals into secure areas without proper credentials.
- Security culture: Build a strong security culture where employees feel responsible for the organization’s security and report any suspicious behavior.
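The physical controls above (turnstiles, unique access cards) also produce logs that can be checked for the signatures tailgating leaves behind: a passage through a turnstile with no matching badge swipe, a badge entering twice without ever exiting (anti-passback), or a badge exiting when it never badged in. The script below is an added detection example, not part of the original page. It assumes a constructed log format in which each reader emits one `BADGE` line per authorized swipe and a door or turnstile sensor emits one `PASS` line per person who physically passes; the door name, badge ids, and timestamps are all invented sample data.

```python
"""Tailgating detection over badge-reader and door-sensor logs.

Assumptions (constructed for this example, not from the page): each access
reader logs one BADGE line per authorized swipe, and a turnstile/door sensor
logs one PASS line per person who physically passes through.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed sample log. Format: TYPE,timestamp,door[,direction,badge_id]
SAMPLE_LOG = """\
BADGE,2024-05-01T08:00:02,lobby-east,in,E1042
PASS,2024-05-01T08:00:04,lobby-east
PASS,2024-05-01T08:00:06,lobby-east
BADGE,2024-05-01T08:15:30,lobby-east,in,E2077
PASS,2024-05-01T08:15:32,lobby-east
BADGE,2024-05-01T08:30:00,lobby-east,in,E1042
PASS,2024-05-01T08:30:01,lobby-east
BADGE,2024-05-01T09:00:00,lobby-east,out,E3310
PASS,2024-05-01T09:00:02,lobby-east
"""


@dataclass(frozen=True)
class Alert:
    kind: str  # "passage_without_badge", "anti_passback" or "exit_without_entry"
    ts: datetime
    door: str
    badge_id: Optional[str] = None


def parse_log(text):
    """Parse the constructed log format into (ts, type, door, direction, badge) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(",")
        kind, ts, door = parts[0], datetime.fromisoformat(parts[1]), parts[2]
        if kind == "BADGE":
            events.append((ts, kind, door, parts[3], parts[4]))
        elif kind == "PASS":
            events.append((ts, kind, door, None, None))
        else:
            raise ValueError(f"unknown event type: {kind}")
    events.sort(key=lambda e: e[0])  # stable sort keeps log order for equal timestamps
    return events


def detect(text, window=timedelta(seconds=10)):
    """Return alerts for passages that no swipe authorized and for badge state anomalies."""
    alerts = []
    # door -> timestamps of swipes not yet matched to a physical passage
    credits = defaultdict(deque)
    # badge ids the log currently places inside the secure area
    inside = set()
    for ts, kind, door, direction, badge in parse_log(text):
        if kind == "BADGE":
            if direction == "in":
                if badge in inside:  # badged in twice with no exit: clone or tailgated exit
                    alerts.append(Alert("anti_passback", ts, door, badge))
                inside.add(badge)
            else:
                if badge not in inside:  # leaving without ever badging in
                    alerts.append(Alert("exit_without_entry", ts, door, badge))
                inside.discard(badge)
            credits[door].append(ts)  # every swipe authorizes exactly one passage
        else:
            q = credits[door]
            while q and ts - q[0] > window:  # drop swipes nobody followed through on
                q.popleft()
            if q:
                q.popleft()  # consume the authorization for this passage
            else:
                alerts.append(Alert("passage_without_badge", ts, door))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a.ts.isoformat()} {a.door} {a.kind} {a.badge_id or ''}")
```

Run stand-alone, it flags the unbadged second passage at 08:00:06, the repeat entry of E1042 at 08:30:00, and the exit of E3310 at 09:00:00, which never entered. The `window` parameter is the tolerance between a swipe and the passage it authorizes; too short a window produces false positives from slow walkers, too long a window lets a tailgater ride on a swipe that happened well before.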
It is essential to keep in mind that tailgating relies heavily on human behavior and trust. While physical and technical security measures are crucial, fostering a culture of vigilance and employee awareness can be just as effective in preventing such attacks.